mageia | Gentoo Foundation | MGASA-2023-0283
Oct 03, 2023 - 1:53 p.m.

Updated chromium-browser-stable package fixes bugs and vulnerabilities

2023-10-03 13:53:29
Gentoo Foundation
advisories.mageia.org
chromium, update, bug fixes, security, vulnerabilities, cve-2023-5217, heap buffer overflow, use after free, type confusion, incorrect security ui, out of bounds memory access, webp, libvpx, passwords, extensions, custom tabs, prompts, input, custom mobile tabs, downloads, autofill, interstitials, picture in picture, intents, fedcm, v8, networks, bfcache

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.8
Percentile: 98.3%

The chromium-browser-stable package has been updated to the 117.0.5938.92 release, fixing bugs and 31 vulnerabilities, together with 117.0.5938.92, 117.0.5938.88, 117.0.5938.62, 116.0.5845.187 and 116.0.5845.179.

Google is aware that an exploit for CVE-2023-5217 exists in the wild.

High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-09-25

High CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car] on 2023-09-05

High CVE-2023-5187: Use after free in Extensions. Reported by Thomas Orlita on 2023-08-25

Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Toronto’s Munk School on 2023-09-06

Medium CVE-2023-4900: Inappropriate implementation in Custom Tabs. Reported by Levit Nudi from Kenya on 2023-04-06

Medium CVE-2023-4901: Inappropriate implementation in Prompts. Reported by Kang Ali on 2023-06-29

Medium CVE-2023-4902: Inappropriate implementation in Input. Reported by Axel Chong on 2023-06-14

Medium CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs. Reported by Ahmed ElMasry on 2023-05-18

Medium CVE-2023-4904: Insufficient policy enforcement in Downloads. Reported by Tudor Enache @tudorhacks on 2023-06-09

Medium CVE-2023-4905: Inappropriate implementation in Prompts. Reported by Hafiizh on 2023-04-29

Low CVE-2023-4906: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2023-05-30

Low CVE-2023-4907: Inappropriate implementation in Intents. Reported by Mohit Raj (shadow2639) on 2023-07-04

Low CVE-2023-4908: Inappropriate implementation in Picture in Picture. Reported by Axel Chong on 2023-06-06

Low CVE-2023-4909: Inappropriate implementation in Interstitials. Reported by Axel Chong on 2023-07-09

Critical CVE-2023-4863: Heap buffer overflow in WebP

High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28

High CVE-2023-4762: Type Confusion in V8. Reported by anonymous on 2023-08-16

High CVE-2023-4763: Use after free in Networks. Reported by anonymous on 2023-08-03

High CVE-2023-4764: Incorrect security UI in BFCache. Reported by Irvan Kurniawan (sourc7) on 2023-05-20

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 9 | noarch | chromium-browser-stable | < 117.0.5938.132-1 | chromium-browser-stable-117.0.5938.132-1.mga9.tainted |
